CVE-2023-45075

Summary

CVE-2023-45075 is a newly disclosed memory leakage vulnerability affecting the SWSMI_Shadow DXE driver. This issue allows a local attacker with elevated privileges to write unintended data to NVRAM variables, potentially leading to unintended system behavior or data corruption. The vulnerability could pose a significant risk if exploited successfully, particularly in environments where the DXE driver is in use and privileged access is not adequately controlled. Users are strongly advised to apply the available patch as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.